Hi, I'm kinda new with this, I have a Layer 3 switch, in which I have 2 vlans, Vlan 1 and Vlan 2
Vlan 1 has an IP: 192.168.1.201 255.255.255.0
Vlan 2: 192.168.2.1 255.255.255.0
each vlan has 1 PC on it
Vlan 1 has 192.168.1.90
Vlan 2 has 192.168.2.5
They have each vlan address as Default gateway, and it works perfectly fine, after doing IP routing both can ping each other and everything, BUT then I wanted to add an internet connection, since I want PCs on Vlan 1 to have internet, I put that connection in a port inside Vlan 1
Now, that connection has a default gateway 192.168.1.254, meaning that the PCs can't use the internet if they have their Vlans as default gateway, and if they do have 192.168.1.254 as default gateway, then they can't ping each other.
What I tried is picking a port inside vlan 1 where the internet cable will go, make it no switchport, put an IP address like 192.168.3.1 255.255.255.0, and then do IP ROUTE 192.168.1.0 255.255.255.0 192.168.3.1
But it doesn't work because "Invalid next hop address"
I'm really stuck rn, I need the IPs of the PCs static so I don't think I will have to mess with the DHCP, maybe the solution is easy, but again, I'm kinda new with this, so any help is appreciated!
BUT then I wanted to add an internet connection, since I want PC's on Vlan 1 to have internet, I put that connection in a port inside Vlan 1
Does your wan device have an ip address of 192.168.1.254?
Also your switch is performing L3 intervlan routing between vlan 1 & 2 so a default-gateway isn't applicable unless you disable ip routing and if you do that you will lose inter-vlan communication between the vlans.
What you do need is a default route pointing to the wan interface and ip.
ip route 0.0.0.0 0.0.0.0 vlan 1 192.168.1.254
Lastly if your wan device does have the above ip address then I am assuming it's performing NAT translation for internet access for vlan 1 & 2?
The switch itself has these IPs
I understand your description of vlan 1 and 2 and inter vlan routing, which is working. That is a good start.
I am not so clear about your description of Internet access. Can you help me understand:
- what device is providing Internet access?
- is the device providing Internet access configured to do Network Address Translation for your inside networks?
- do you want just 1 vlan to access the Internet or do you want both vlans to access the Internet? (The answer to this would be important in the configuration of NAT)
There are several approaches that you might use for Internet access:
1) The device providing Internet access could be connected to a port in vlan 1 (which you describe in the early part of the discussion). If you do this then devices in vlan 1 need to have their default gateway as the address of that Internet device. And the Internet device needs to have a route for the network of vlan 2 with the switch vlan 1 IP address as the next hop. In this situation vlan 1 would get Internet access directly using the Internet device. If vlan 2 needs Internet access then the switch needs a default route with the Internet device as the next hop. With inter vlan routing, devices in vlan 1 wanting to communicate with vlan 2 would forward their packet to the Internet device, which would use its route for vlan 2 to forward the packet to the switch vlan 1 address, and the switch would forward to the destination. Devices in vlan 2 wanting to communicate with vlan 1 would forward their packet to the switch and the switch would forward directly to the destination.
2) The device providing Internet access could be connected to a port in a different vlan (vlan 3?). If you do this then devices in both vlan 1 and 2 need to have their default gateway as the appropriate switch vlan address. The switch would need a default route with the Internet device as the next hop. And the Internet device would need routes for the vlan subnets with the switch vlan 3 address as the next hop. Inter vlan routing is on the switch and is simply routing between connected subnets. Any traffic going to the Internet would be forwarded by the switch using the transit vlan to get to the Internet device.
About how I did everything, I pretty much followed this tutorial (https://community.cisco.com/t5/networking-videos/how-to-configure-intervlan-routing-on-layer-3-switches/ba-p/3103792), no more configurations beyond that if that helps
Try like this:-
int vlan 1
 desc VLAN1 PCs & Internet
int vlan 2
 desc VLAN2 PCs Only
 ip access-group INTERNAL-ONLY in
ip access-list ext INTERNAL-ONLY
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 192.168.1.254 name INTERNET
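
A small Python model of how the INTERNAL-ONLY access list in the reply above is evaluated inbound on the VLAN 2 interface, showing which flows it lets through. This is an added example, not part of any post in this thread; the flow list and the addresses 203.0.113.10 and 10.0.0.7 are constructed for illustration.

```python
import ipaddress

# The single entry from the reply above:
# (action, source, source wildcard, destination, destination wildcard)
INTERNAL_ONLY = [
    ("permit", "192.168.2.0", "0.0.0.255", "192.168.1.0", "0.0.0.255"),
]


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, s_wild, d, d_wild in acl:
        if wildcard_match(src, s, s_wild) and wildcard_match(dst, d, d_wild):
            return action
    return "deny"


# Constructed sample flows arriving on the VLAN 2 interface.
FLOWS = [
    ("192.168.2.5", "192.168.1.90"),   # VLAN 2 PC -> VLAN 1 PC
    ("192.168.2.5", "192.168.1.254"),  # VLAN 2 PC -> Internet device's LAN address
    ("192.168.2.5", "203.0.113.10"),   # VLAN 2 PC -> Internet host (constructed)
    ("10.0.0.7", "192.168.1.90"),      # source outside 192.168.2.0/24 (constructed)
]


def check_flows(acl=INTERNAL_ONLY, flows=FLOWS):
    """Return (src, dst, verdict) for every sample flow."""
    return [(src, dst, evaluate(acl, src, dst)) for src, dst in flows]


if __name__ == "__main__":
    for src, dst, verdict in check_flows():
        print(f"{src:>12} -> {dst:<14} {verdict}")
```

The model covers only the inbound direction on VLAN 2, which is where the access list is applied; traffic arriving on VLAN 1 is not filtered by it.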